SnailLoad Attack: Loophole Exploited To Monitor Web Activity

In the ever-evolving cyber threat landscape, researchers have demonstrated the SnailLoad attack and how it can be used to monitor users’ online activities. According to recent media reports, the attack’s defining characteristic is that it does not need physical proximity to WiFi connections. The attack essentially revolves around the manipulation of Transmission Control Protocol (TCP) vulnerabilities for poisoning web addresses and staging attacks.

In this article, we’ll dive into researchers’ discoveries and how the attack is carried out so that both individuals and organizations can implement feasible countermeasures.

Uncovering The SnailLoad Attack

Recent media reports have cited researchers claiming that a side channel known as SnailLoad can be used to determine a user’s web activity. The research states that a SnailLoad attack aims to exploit bottlenecks present on all internet connections.

A connection bottleneck influences the latency of the network, allowing threat actors to manipulate the network activity on another user’s computer. This information can then be used to infer the most visited websites or watched videos.

SnailLoad Side-Channel Attack Chain

Individuals and organizations must familiarize themselves with the attack chain of the newly discovered network latency exploit. Doing so is essential as it can help them deploy effective countermeasures.

To initiate the attack, the hacker must get users to download a harmless asset hosted on the hacker’s server. The asset can be a file, image, or ad. Once the asset is loaded, it can then be used to exploit the target’s network latency as a side channel.

Doing so allows the threat actor to determine online activities on the victim’s device. The attack chain further involves the use of a post-processing phase. During this phase, threat actors can determine the transmitted amount of data by measuring the round trip time (RTT).
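The relationship between queued data at a bottleneck and observed RTT can be seen in a small simulation. This is an added example, not code from the researchers or from the original post; the link speed, base RTT, slot length, traffic trace, and function names are all assumptions chosen for illustration.

```python
"""Toy model of the latency side channel: a FIFO bottleneck queue shared by
victim traffic and a tiny periodic probe. All constants are assumptions."""

BASE_RTT_MS = 20.0         # assumed RTT when the bottleneck queue is empty
LINK_BYTES_PER_MS = 1250   # assumed 10 Mbit/s last-mile link
SLOT_MS = 10               # assumed: one probe packet per 10 ms slot


def probe_rtts(victim_bytes_per_slot):
    """RTT (ms) seen by a probe that arrives at the end of each slot."""
    backlog = 0.0
    rtts = []
    for arriving in victim_bytes_per_slot:
        # Victim data joins the queue; the link drains it at a fixed rate.
        backlog = max(0.0, backlog + arriving - LINK_BYTES_PER_MS * SLOT_MS)
        # The probe waits behind whatever is still queued.
        rtts.append(BASE_RTT_MS + backlog / LINK_BYTES_PER_MS)
    return rtts


def busy_periods(rtts, margin_ms=1.0):
    """Post-processing: group slots whose RTT exceeds the idle baseline.

    Returns one (first_slot, n_slots, peak_queue_bytes) tuple per period.
    """
    periods, start, peak = [], None, 0.0
    for i, rtt in enumerate(rtts + [BASE_RTT_MS]):  # sentinel closes last period
        excess = rtt - BASE_RTT_MS
        if excess > margin_ms:
            start = i if start is None else start
            peak = max(peak, excess)
        elif start is not None:
            periods.append((start, i - start, int(peak * LINK_BYTES_PER_MS)))
            start, peak = None, 0.0
    return periods


# Constructed traffic trace: two victim downloads of different sizes.
TRACE = [0, 0, 50_000, 0, 0, 0, 0, 25_000, 0, 0]

if __name__ == "__main__":
    rtts = probe_rtts(TRACE)
    print("probe RTTs (ms):", rtts)
    print("busy periods   :", busy_periods(rtts))
```

In this model the larger download keeps the RTT elevated for longer and to a higher peak, which is why the size and timing of transfers leak through latency alone.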

Academic Disclosure Of The Security Flaw

The report from researchers at the Graz University of Technology further states that “SnailLoad requires no JavaScript, no form of code execution on the victim system, and no user interaction but only a constant exchange of network packets.”

Researchers have gone on to state that the latency variations are what aid threat actors in network activity monitoring. In addition, it has also been mentioned that routers generally don’t inspect TCP sequence numbers.

It’s worth mentioning here that this is a serious vulnerability that can be exploited to clear Network Address Translation (NAT) mappings in the router. This essentially allows the threat actors to acquire the sequence and acknowledgment numbers of a normal TCP connection, helping them manipulate it.

At the time of writing, patches for the vulnerability are being prepared by the OpenWrt community and other router vendors such as 360, Huawei, Linksys, Mercury, TP-Link, Ubiquiti, and Xiaomi. It’s recommended that users stay abreast of these changes and apply the patches promptly when they’re available to reduce exposure.

Conclusion

The SnailLoad attack that was recently discovered by researchers is emerging as a significant threat in the cyber security landscape. Sources claim that physical proximity to Wi-Fi connections is not needed for the attack to be carried out, which makes it increasingly severe for both individuals and organizations worldwide.

To stay resilient and secure in the rapidly evolving cybersecurity landscape, users are urged to use proactive cybersecurity measures, as they can help combat such threats. Stay informed, stay secure!

The sources for this piece include articles in The Hacker News and Forbes.

This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/snailload-attack-loophole-exploited-to-monitor-web-activity/